White hat hacker Mafiaboy casts doubt on cloud computing security

White hat hacker Mafiaboy casts doubt on cloud computing security

Michael Calce warns businesses information will be under attack

Article comments

Michael Calce, the reformed hacker from Montreal who will forever be known as Mafiaboy, told a group of IT professionals Tuesday that he has serious concerns about the inherent vulnerabilities in the latest evolution of information technology: cloud computing.

Calce was a guest speaker at storage vendor Hitachi Data Systems' (HDS) annual Information Forum event. He came to fame in 2000 when, as a teenager, he launched a series of denial of service attacks that crippled the websites of companies such as CNN, Amazon, Dell and Yahoo, leading to a manhunt by the RCMP and the FBI and his eventual arrest.


Having completed his sentence and matured beyond the "misguided youth with too much power at his fingertips," Calce is speaking out about IT security and the inherent vulnerabilities in the way the Internet is constructed that he said still haven't been addressed. And Calce has some serious concerns about the latest craze sweeping the IT industry: cloud computing

"These businesses are a lot more at risk today than ever before. So much data is available, and being put into the cloud," said Calce. "It's one of the reasons I've decided to break my silence."

While he understands the practicality behind the cloud architecture, agreeing it's what the Internet was really designed to be, Calce said he worries if we're ready for the security risks and are willing to address them.

"Raising awareness of security is very critical to where the cloud is moving," said Calce. "It's like sex-ed, we need IT security education in school. At this point, everyone is destined in their lives to touch technology."

In an interview with CDN, Calce said while everyone is focused on the cloud, his biggest concern is that we're not even secure with our current infrastructure, and here we are putting our data alone in one bubble. It's a great concept, but he said security seems to be an afterthought.

"It's hard to patch-up holes when so many bullets have already been fired. I know I'll never get businesses to agree but we need to slow down technology, and stop reinventing without fixing the predecessor first," said Calce. "We're always taking on security as an afterthought. We should redesign the protocols behind the Internet to make it less exploitable.

Calce isn't suggesting we back away from new models of computing like the cloud. But he does stress we need to make security a priority, not an afterthought. "Imagine building a new house with a crap foundation, how long will it last?" asked Calce. "Why not build a new foundation first?"

While he doesn't share Calce's level of concern with cloud computing, Chris Willis, senior director of solutions consulting for HDS Canada, said they brought Calce in as a speaker because they wanted to raise the awareness of security issues around cloud computing and IT in general.

Willis said Hitachi works with its partners such as Brocade to build security into its systems and architectures, and offers features such as data encryption both at rest and in flight.

"The top thing people ask about cloud applications is if it's secure. It comes back to education, awareness and standards," said Willis. "It's like STDs. No one wants to talk about if, but you'd better talk about it."

Bradley Brodkin, president of Hitachi partner HighVail Systems, said he can understand Calce's concerns and where he's coming from but, at the end of the day, we're not going to go offline.

"I've been defrauded. People have stolen information on me from a dumpster. It's caused some grief," said Brodkin. "But I do a lot of things online. If it happens, it happens. The vendors work very diligently to prevent fraud. As a partner I have to rely on technology to run my life. At the end of the day, you're going to worry or you're going to live your life."

Share:

Comments

  • Alex Cocoon Cool article glad to see that there are valid concerns regarding the safety of cloud computingGPN - Porticor looks pretty cool seems to be for people or businesses that already use cloud computing and are interested in buffing up their protectionIve been working for a company called Cocoon that offers web anonymity malware prevention and increased privacy through our cloud-based servers We also store all of our users cookies and browsing history so that no information ever touches their hard drivesTo learn more please visit httpwwwgetcocooncom We are currently in beta so our service is free as a Firefox add-onThanks have a nice day and stay protectedAlex
  • GPN Good points However its not all dark There are also people gearing up to provide solutions to the problems raised Take a look at our site httpwwwporticorcom
Send to a friend

Email this article to a friend or colleague:


PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.


We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message

ComputerworldUK Knowledge Vault

ComputerworldUK
Share
x
Open
* *